Pirated Software and Network Segmentation

July 17, 2017

Global financial services enterprises face a complex web of risk management challenges.
Sometimes finding the right grain for security controls can be a difficult problem.
This can be especially problematic when there is a tendency to attribute specific risks to cultures or nations.

A couple of months ago I read a short article on how the WannaCry ransomware impacted organizations in China. Recently, while responding to a question about data communications connectivity and segmenting enterprise networks, I used some of the facts in that article. While some propose material “savings” and “agility” enabled by uninhibited workforce communications and sharing, the global financial services marketplace imposes the need for rational (and rationalized) risk management and some level of due-diligence evidence. Paul Mozur provides a brief vignette about some of the risks associated with what appears to be China’s dependence on pirated software. Mr. Mozur argues that unlicensed Windows installations are not being patched, so the vulnerability ecosystem in China is much richer for attackers than is found in societies where software piracy is less pronounced. Because of the scale of the issue, this appears to be a valid nation-specific risk, one that might add some context to some individuals’ urges to enforce China-specific data communications controls.

Again, there is no perfect approach to identifying security controls at the right grain. Story-telling about risks works best with real and relevant fact-sets. This little article may help flesh out one facet of the risks associated with more-open, rather than more-segmented, data communications networks.

“China, Addicted to Bootleg Software, Reels From Ransomware Attack.”


FBI Director James Comey on Some China Risks

October 5, 2014

For a variety of reasons, it is often a challenge to generate the appropriate level of information security awareness in executive leadership.
For some this has been especially true when the issues are associated with nation-state actors or a given culture.

For enterprises extending their operations into China, it may be difficult to build an effective risk-management message in the face of the virtually intoxicating potential for growth and profit.

In that context, a recent interview with FBI Director James Comey included some unambiguous statements that might be helpful in framing some of the risks of integrating or extending your Financial Services operations into China. The interview was aired on the October 5, 2014 episode of 60 Minutes.

Scott Pelley: What countries are attacking the United States as we sit here in cyberspace?

James Comey: Well, I don’t want to give you a complete list. But I can tell you the top of the list is the Chinese. As we have demonstrated with the charges we brought earlier this year against five members of the People’s Liberation Army. They are extremely aggressive and widespread in their efforts to break into American systems to steal information that would benefit their industry.

Scott Pelley: What are they trying to get?

James Comey: Information that’s useful to them so they don’t have to invent. They can copy or steal so learn about how a company might approach negotiation with a Chinese company, all manner of things.

Scott Pelley: How many hits from China do we take in a day?

James Comey: Many, many, many. I mean, there are two kinds of big companies in the United States. There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.

Scott Pelley: The Chinese are that good?

James Comey: Actually, not that good. I liken them a bit to a drunk burglar. They’re kicking in the front door, knocking over the vase, while they’re walking out with your television set. They’re just prolific. Their strategy seems to be: We’ll just be everywhere all the time. And there’s no way they can stop us.

Scott Pelley: How much does that cost the U.S. economy every year?

James Comey: Impossible to count. Billions.

The entire transcript is available at:


Other Completosec Channel blog entries on this topic:

Infrastructure and Integration, Culture Matters

December 17, 2013

A recent 60 Minutes episode highlighted an NSA staffer describing a Chinese plot to “take down” the U.S. financial system using social engineering & a firmware update to brick the computers that support all economic activity.  The story received a lot of unflattering attention (Google it).  The broader piece about recent NSA data-gathering and spying also seemed less like news than an advertisement.  This has resulted in a lot of attention on the nature of the story and the likelihood that there is material distance between the themes highlighted by the CBS report and the behaviors of NSA staff and leadership.  So, why should we care?

There are many reasons.  One assumes that many in our industry receive “news” via feeds & tweets — which must radically distill stories down to a very few words.  Many senior decision-makers “grew up” with news shows like 60 Minutes and have sensors tuned to content from its brand.  So, that channel can deliver messages to financial services leaders in ways many others can’t.

Later in the December 15th 60 Minutes broadcast was a report about the Chinese telecommunications equipment giant “Huawei.”  It could have been a useful reminder that infrastructure matters in global Financial Services risk management.  Global data communications networking makes decision-making about ‘inside’ & ‘outside’ and what or whom to trust much more complex and challenging.  Culture matters.  Nation-state behaviors matter.  The scale and scope of Financial Services operations make it an attractive target for intellectual property theft.  We all need to continue to enhance our understanding of threats associated with infrastructure purchasing and integration, as well as with extending our operations using partners and massive shared ‘cloud’ infrastructure.


“Update on Huawei.” Dec. 15, 2013 http://www.cbsnews.com/videos/update-on-huawei/

“Chinese telecom giant eyed as security threat.” Oct. 05, 2012, http://www.cbsnews.com/news/chinese-telecom-giant-eyed-as-security-threat/


Symantec Report Highlights Hidden Lynx Threat to Financial Services Enterprises

September 25, 2013

Last week researchers at security vendor Symantec released a whitepaper attempting to describe the nature and activities of a group of advanced, professional attackers working out of China, dubbed the Hidden Lynx team.

They report that Hidden Lynx offers a ‘hackers for hire’ operation that has stayed busy for the last four years stealing specific information from a wide range of corporate targets.  Symantec says that Hidden Lynx activities display skill-sets far above those of some other attack groups also operating out of China — for example the Comment Crew (aka APT1) — and adds that they are “breaking into some of the best-protected organizations in the world.”

Hidden Lynx has targeted hundreds of organizations worldwide since November 2011.  Financial services organizations (not commercial banks) have been the vertical targeted most often by this group, accounting for almost 25% of attacks across the top 10 targeted industries.  In that same period, they also hit targets in the United States almost 53% of the time.

Symantec’s analysis suggests that Hidden Lynx is “tasked with obtaining very specific information that could be used to gain competitive advantages… It is unlikely that this organization engages in processing or using the stolen information for direct financial gain.”

When Symantec looked at Hidden Lynx’s large scale attacks, the focus on Financial Services increased, amounting to 30% of their attacks.

The key conclusion offered by Symantec is that “cyber-espionage campaigns are becoming increasingly common,” and that “these attacks are becoming increasingly sophisticated.”

We can take steps to help resist attacks like those by Hidden Lynx and keep valuable information from falling into their hands. The key is to actually take those steps! Work with your information security consultants.  Protect all endpoints, yours included, from malware.  Use ‘safe’ web filtering services.  Train your workforce to resist social engineering through all communications channels, including the browser.  Incorporate secure software practices into all of your business application investments.  Insist on secure infrastructure configurations and practices.


“Hidden Lynx – Professional Hackers for Hire.”
By Stephen Doherty, Jozsef Gegeny, Branko Spasojevic, and Jonell Baltazar.
Version 1.0 – Sept 17, 2013

“Hidden Lynx – Professional Hackers for Hire.”
17 Sept 2013

“Hidden Lynx and MSS protection.”
18 Sept 2013

China Cyber-Threat Again Highlighted

February 19, 2013

Responding to the buzz generated by the release of a new evidence-rich report on China’s cyber threat actors by Mandiant, a pair of articles today point out again China-sourced cyber-threats to businesses.  Financial services is a global enterprise.  Virtually all financial services organizations are attempting to enter China markets and are pursuing investments in China in order to better diversify their portfolios and offer their customers opportunities throughout Asia.

The report by Mandiant and signals from the U.S. government remind us again that it is important to resist the types of attacks that seem to continue out of China.  Mandiant documented that the China-based hostile actors have systematically stolen hundreds of terabytes of data from at least 141 organizations.  The White House specifically highlighted that this threat was directed against Financial Services organizations, among others.

Writers at The Washington Post said that the recent “Mandiant report echoed a classified National Intelligence Estimate by the U.S. intelligence community that concluded that China was the most aggressive perpetrator of a massive campaign of cyber-espionage against commercial targets in the United States.”

Writers in the Wall Street Journal added that:

“U.S. officials said the allegations in the Mandiant report come as no surprise and build on other evidence of cyber infiltration.

A 2011 intelligence report publicly accused China of a role in cyberattacks. More recently, a U.S. assessment known as a National Intelligence Estimate, which remains classified and hasn’t been released, cited the Chinese government as being behind pervasive cyberthefts resulting in the loss of intellectual property, according to people who have read it.”

Bringing value to China appears to come at a material risk.  Can you afford to lose your risk models?  Your fraud analysis engines? Your portfolio management tooling?  Your investing strategies?  We all have material investments in highly-portable intellectual property.  Protect it from known threats as a demonstration of threshold due diligence.

At a minimum, ensure that you have employed the full spectrum of threat-resisting technology and process that is already in hand in every financial services organization. Ensure that your protective layers overlap and compensate for each other, and do so throughout your infrastructure, not just at the Internet edge. Plan for and fund enhancement of your detective, preventative, corrective, and compensating control capabilities, as the issue of persistent “world-class” state-sponsored hostile actors appears to be with us for the foreseeable future.


“Mandiant Intelligence Center Report — APT1: Exposing One of China’s Cyber Espionage Units.”

“Report ties cyberattacks on U.S. computers to Chinese military.”
By William Wan and Ellen Nakashima; 02-19-2013

“U.S., China Ties Tested in Cyberspace.”
By JULIAN E. BARNES and SIOBHAN GORMAN in Washington and JEREMY PAGE in Beijing; 02-19-2013

Updated to include the following reference on 04-15-2013:
“contextChina’s Guide to Understanding Recent News on Chinese Hackers.”
By  , 02-22-2013
